Ruby is an interpreted scripting language for quick and easy object-oriented programming.

A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)

A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443)

Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188